NSO Group, developer of the controversial Pegasus spyware, is reportedly set to be acquired by US defence contractor L3 Harris Tech. An acquisition by a US company would likely bring about a fundamental shift in how Pegasus is deployed, as the popularity of spyware among governments grows.
Interest in acquiring NSO has been running high since the company was blacklisted by the US government and forced to restructure its operations. But L3 Harris Tech is leading the race to acquire the company, according to a report from Intelligence Online, and a deal could be announced in the coming days.
What would NSO Group takeover mean for Pegasus?
The US government blacklisted NSO Group in November because, it said, Pegasus poses a threat to national security.
Last year a major international investigation revealed the software has been used by authoritarian regimes to spy on political opponents, activists and journalists. More recently it has been deployed against government officials in the UK and Spain, including prime minister Boris Johnson’s office.
NSO Group’s acquisition by a US-based company would limit which countries could deploy the software, which is likely to change attitudes considerably, says Aseem Prakash, global futurist at the Centre for Innovating the Future consultancy.
“A very major possibility is that Pegasus can be militarised [by the US],” he says. “Once it is militarised, countries that are aligned with the US will have probably very little problem with it. And countries that are not aligned will have to figure things out.”
The use of spyware by governments around the world is growing, according to Kaja Ciglic, senior director of digital diplomacy at Microsoft. “It’s a practice that is growing, in terms of the numbers of different actors, the numbers of different governments engaging and investing in this area, the numbers of attacks and their sophistication,” Ciglic said at a European Parliament committee hearing into the use of Pegasus and other spyware earlier today.
Weaponising intelligence is nothing new, says Jamie Moles, a senior technical manager at network detection and response firm ExtraHop. But, he says: “We’ve never really seen it because we’re not told about it. We have never really seen it in the commercial market, which is what NSO is doing.”
The acquisition of the company, therefore, is less about who owns the software, but who has control over the client base, he says. “This feels like an attempt to pull it back into the US Federal business rather than letting it remain a public entity,” he says.
The value of offensive cyber warfare tools is likely to grow
NSO Group has seen its client base shrink since the US blacklisting, despite reportedly being urged by creditors including Swiss bank Credit Suisse to continue selling Pegasus in the face of the international outcry about its use.
Last week, a Spanish judge investigating the use of Pegasus against two politicians reportedly travelled to Israel to interview NSO Group executives.
The continued use of Pegasus and other spyware illustrates a split in the cybersecurity industry, says Justin Fier, VP of tactical risk and response at security company Darktrace.
“Within the cyber industry there are factions that strongly oppose the creation and commercial offering of these powerful tools, and there remains a clear line between organisations providing defensive products and services, and those who offer offensive capabilities to the highest bidder,” he says.
Fier continues: “It is evident that cyber tools [like Pegasus and other spyware] which exploit zero-day vulnerabilities can be extremely valuable to nation-states as well as Big Tech.”